Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software Understanding Gap. This report urgently implores the U.S. government to take decisive and coordinated action.
Software understanding refers to assessing software-controlled systems across all conditions. Mission owners and operators often lack adequate capabilities for software understanding because technology manufacturers build software that greatly outstrips the ability to understand it. This gap, along with the lack of secure by design software being created by technology manufacturers, can lead to the exploitation of software vulnerabilities.
The U.S. government has engaged in activities that have paved the way toward improving software understanding, including research investments, mission agency initiatives, and policy actions. This report further explores the opportunity for enhanced coordination to strengthen technical foundations and progress towards a more vigorous understanding of software on a national scale. To learn more about development practices and principles that build cybersecurity into the design and manufacture of technology products, visit CISA’s Secure by Design webpage.
In partnership with the Federal Bureau of Investigation (FBI), CISA released an update to joint…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of…
Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the…
Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor…
Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for…
CISA released two Industrial Control Systems (ICS) advisories on January 7, 2025. These advisories provide…
This website uses cookies.